e-HealthExpert.org - Primum non nocere

It's been a decade since the height of Napster's popularity, but file sharing remains rampant on the Internet through networks such as Limewire, BitTorrent and Kazaa. And that may threaten the security of personally identifiable health information, according to a new study in the Journal of the American Medical Informatics Association.

Researchers at the University of Ottawa in Canada used widely available file-sharing software to access documents containing health and financial information from patients at various locations in Canada and the United States. Lead author Khaled El Emam says that his team found that unauthorized users actively searched for files containing such data. "There is no obvious innocent reason why anyone would be looking for this kind of information," El Emam says, according to Healthcare IT News.

"Without additional protection on the health records, like encryption or elevated access controls, it is entirely possible that a mis-configured file sharing tool could gain full access to the records," Robert Grapes, chief technologist of IT security firm Cloakware, says in Healthcare IT News.

To learn more about this study:
- check out this Healthcare IT News story
- read the JAMIA paper

Related Articles:
Study: Peer-to-peer file sharing apps can expose medical data

Now that you're all back in the office following a jam-packed HIMSS10 week of networking, learning and checking out the latest health IT products, I wanted thank those of you who attended our first-ever HIMSS executive breakfast panel discussion March 2, jointly sponsored by FierceMobileHealthcare, FierceWireless and Meru Networks.

Our panel of hospital CIOs and wireless experts shared their 'been there, done that' lessons learned, and discussed the many misconceptions regarding mobile technology deployment. Although this technology has yet to reach its full potential in the healthcare setting--"we'll see tremendous explosion" predicts said Geoffrey Brown, Senior VP and CIO at Inova Health System in Falls Church, Va.--our panelists agreed that many hospitals have learned the hard way how not to deploy this technology. "If not designed right, wireless could be the weakest link," warned Ram Appalaraju, senior marketing VP at Meru Networks. (In fact, Meru is hosting a webinar on Wednesday, March 24 at 2 p.m. EST on delivering high-quality VoIP.)

Later that evening, we met hundreds of additional Fierce readers at our networking bash, held at the World of Coca-Cola. It was fantastic to meet so many FierceHealthIT readers--from hospital and healthcare system technology leaders to executives from some of the largest IT vendors in the industry. Nearly 500 of you braved the rain (and snow!) to party the night away.

This was by far our largest FierceHealthIT event to date, and reflects our tremendous growth overall. Just last year, we launched FierceMobileHealthcare and FierceEMR. In less than a year, they've become weekly must-reads for more than 30,000 subscribers. We also recently published our first eBook (it focuses on the dreaded Medicare recovery audits). Look for an EMR eBook -- and more Fierce newsletters -- publishing early this spring.

Until then, stay Fierce! And as always, feel free to contact me anytime. It's always great to hear from you.

Best,

Wendy Johnson, publisher

P.S.: If you didn't make it out to the Atlanta HIMSS show this year--or even if you did--check out our full coverage of the show at our special FierceHealthIT HIMSS10 website. Our editors fanned out across the show to bring you highlights and analysis from some of the hottest sessions!

Last week, we heard optimism from the likes of the Healthcare Information and Management Systems Society and the College of Health Information Management Executives about the prospects of healthcare organizations earning federal stimulus money for achieving meaningful use of EMRs. But, with more than 27,000 people and close to 900 vendors packed into the Georgia World Congress Center in Atlanta for HIMSS10, there were bound to be some differing opinions. Some even came from outside of Atlanta.

The Medical Group Management Association on Friday released the results of a survey saying that more than two-thirds of practice executives believe that physician productivity would decrease because of the current proposed CMS criteria for meaningful use. Though 31 percent of respondents said productivity would increase by more than 10 percent, the MGMA still was critical of the proposal. "If the final rule mirrors those outlined in the current proposal, there is significant risk that the program will fail to meet the intent of the legislation, and that a historic opportunity to transform the nation's healthcare system will be missed," MGMA chief Dr. William F. Jessee said in a statement. (Jessee also announced last week that he would retire in the fall of 2011.)

Meanwhile, Wolters Kluwer Health, which produces content for clinical decision support systems, announced the results of a survey of its own that found that only 3.8 percent of hospital clinical, IT and administrative executives viewed eligibility for stimulus funding as a key reason to adopt order sets. Leading the list was better quality of care, named by 54.9 percent of respondents, followed by advancing the practice of evidence-based medicine, at 52.8 percent.

For further information:
- take a look at this HealthLeaders Media story
- see this Wolters Kluwer press release

Related Articles:
Survey: Hospitals will struggle to meet 'meaningful use'
Blumenthal: Meaningful use will focus on goals of care, not technology

It may have been a coincidence that IBM closed on its acquisition of Initiate Systems just as HIMSS10 got underway in Atlanta last week. We're certain that it was no coincidence that IBM introduced a product called Initiate Exchange on the very same day it announced the closing of the Initiate deal. "The acquisition was driven by IBM's desire to enhance its ability to help healthcare clients draw on data from hospitals, doctors' offices and payers to create a single, trusted shareable view of millions individual patient records," an IBM  press release read.

Initiate Exchange, which itself is the result of Initiate's acquisition of HIE services vendor Accenx just last October, fosters health information exchange between health systems and physician practices. The product focuses on the master patient index to assure that health professionals have access to the right information on the right patient at the point of care. (See our story in today's FierceHealthIT on the interoperability problems between the VA and DoD to understand why this is so important.)

At HIMSS, Initiate marketing VP Gina Sandon told FierceHealthIT that Initiate Exchange would be IBM's first software-as-a-service offering in healthcare and that the target market would be integrated delivery networks, payers and regional health information organizations.

For more:
- click on this IBM press release

Related Articles:
IBM to purchase Initiate Systems
IBM offers $2B in financing for federal HIT projects

Health information interoperability efforts between the Veterans Health Administration and the Military Health System suffered another setback, as the Department of Veterans Affairs cut off access to the Defense Department's AHLTA EMR after VA officials found errors in medical records downloaded from AHLTA.

No patients were injured as a result of the inaccurate data, according to the VA, but "the potential exists for decisions regarding patient care to be made using incorrect or incomplete data," the VA said in a patient-safety alert sent out last Wednesday.

VA officials first discovered problems with the data exchange late last month when a VA clinician found a record in AHLTA indicating that a female patient had been prescribed a drug for erectile dysfunction. NextGov reports that the clinician's query actually had returned the record of another patient. "The VA clinician may see the patient's data during one session, but another session may not display the data previously seen," the VA alert explains. "This problem occurs intermittently and has been reported when querying DoD laboratory, pharmacy and radiology reports."

For more on this computer glitch:
- read this NextGov story
- see the VA's safety alert (.pdf)

Related Articles:
VA, DoD will meet EMR interoperability deadline
Social Security to join VA, DoD interoperability effort

The Virginia State Legislature last week unanimously approved legislation that would make the state the 12th in the nation to mandate insurance coverage for telemedicine services. The bill, sponsored by state Sen. William Wampler Jr. (R-Bristol), calls on health insurance companies, HMOs and healthcare subscription plans to provide full coverage for telemedicine services, defined as interactive audio, video or other electronic media for the purpose of medical diagnosis, consultation or treatment. Insurers are allowed to perform utilization review to determine whether telemedicine is appropriate in specific cases.

"This is one more indication that telemedicine is now fully accepted by providers, policy makers, consumers and insurers as an important way to increase access, improve quality and reduce costs in the delivery of healthcare" American Telemedicine Association CEO Jonathan D. Linkous says in a press release. The current ATA president is Dr. Karen Rheuban, medical director of the Office of Telemedicine at the University of Virginia. In the same statement, Rheuban thanked the "leaders of the state legislature who have taken the bold step to improve the lives of the residents of Virginia."

Once Gov. Bob McDonnell signs the legislation, Virginia will join California, Colorado, Georgia, Hawaii, Kentucky, Louisiana, Maine, New Hampshire, Oklahoma, Oregon and Texas in requiring coverage of telemedicine services, according to ATA.

For more:
- read this American Telemedicine Association press release

Related Articles:
U.S. Army tests telemedicine at remote outposts in Germany
Federal bill would increase availability of telemedicine
Despite benefits, telemedicine barriers remain high

Physicians, surprise, are less likely than risk managers to admit the occurrence of a medical error, though doctors generally are quicker to apologize to patients after an error than are risk managers, according to a study in this month's Joint Commission Journal on Quality and Patient Safety. Both groups agree, however, that reporting mechanisms leave a lot to be desired. The story doesn't explicitly say so, but we'd be willing to venture that EMRs and IT in general could go a long way toward improving reporting of adverse events--and toward guarding against human error. News brief

The North American market for EMR systems will grow to $5.4 billion annually by 2015, according to a forecast from Global Industry Analysts. By contrast, European spending on EMRs will reach just $1.4 billion by 2015, GIA reports.

Curiously, the report does not mention the American Recovery and Reinvestment Act, which is pumping about $25 billion into the U.S. health IT industry over the next eight years in the form of Medicare and Medicaid bonus payments to providers for EMR usage. Instead, San Jose, Calif.-based GIA cites greater provider realization that EMRs improve efficiency and patient satisfaction by facilitating better communication between clinical staff.

GIA does note that growth will come largely from physician practices and small and rural hospitals. "There are prolific opportunities in less-penetrated markets as physician practices and inpatient centers continue to adopt electronic medical records and digitize relevant areas. Though the operating costs are high and continue to increase, providers are sizing up their portfolio for better positioning in the future," the report says, according to Healthcare IT News.

Key vendors in this growth spurt will include Agfa-Gevaert (which doesn't sell EMRs in the United States), Cerner, Eclipsys, Epic Systems, GE Healthcare, Hewlett-Packard, Australia's iSoft Group, McKesson, MDS Medical Software, MedPlus, Meditech, Medasys SA of France, Germany's Nexus AG, QuadraMed and Siemens Medical Solutions, CMIO reports.

For more information:
- read this Healthcare IT News story
- take a look at this CMIO article

Related Articles:
Study: EMR market should grow 14 percent annually through 2012
HP, McKesson to offer bundled EHR packages to small practices

"The vision for meaningful use is, I think, fantastic," said Adam Gale, president of research firm KLAS Enterprises. "But beyond the vision for meaningful use is some reality," added Gale, who spoke Sunday in Atlanta at a physician IT symposium before the start of the annual HIMSS conference.

The apparent reality is that so many physicians are unprepared to meet the proposed standards when the federal IT incentive program starts in January 2011. But there is plenty of interest in clinical IT for physician offices. Visitors to the KLAS website are looking for information on ambulatory EMRs almost three-to-one compared to all other subjects combined, according to KLAS Director of Ambulatory Research Mark Wagner. And they are looking for data on the largest ambulatory EMR vendors: Allscripts, eClinicalWorks, NextGen Healthcare Information Systems and Greenway Medical Systems, though the fifth-most-popular search is for "other," a prospect Wagner calls "scary" because it suggests a cluttered marketplace.

Wagner also cautioned would-be buyers about vendors that promise fast implementation. "Implementation in two weeks is not realistic," he said. It likely takes a minimum of six weeks to get an ambulatory EMR up and running, even for those who choose the software-as-a-service model. Plus, Wagner said, there is no proven ambulatory SaaS product from a name-brand company on the market yet, though vendors are "scrambling" to develop one.

Related Articles:
KLAS: Hospital EMR sales slowed in 2008, but now trending up
Vendor satisfaction falls across the board in 2009 'Best in KLAS'

Nearly seven in 10 healthcare organizations expect to be eligible for federal incentives for "meaningful use" of health information technology before the end of fiscal year 2012, in time to receive the full Medicare or Medicaid bonus, according to the annual HIMSS Leadership Survey of CIOs and other health IT executives. 

"We feel like we can be compliant on April 1, 2011," David Dawdy, CIO of Phelps Regional Hospital in Rolla, Mo., said Monday morning at the annual HIMSS conference in Atlanta.

"We really are at a tipping point," said HIMSS Chairman Dr. Barry Chaiken. It's a phrase we've heard before, but data from the survey suggests that the American Recovery and Reinvestment Act really is pushing providers to adopt EMRs and other health IT en masse. "A year ago, spending was down and hospitals were feeling pressure, but the stabilizing of the economy and the ARRA meaningful use provision has provided an incentive for making healthcare IT investments," Chaiken added.

Some 38 percent of respondents cited government issues--meaningful use, HIPAA and the transition to 5010/ICD-10 coding--as the business issue having the most impact on health IT this year, up from just 6 percent in 2009. Financial considerations dropped to 23 percent from 54 percent a year ago.

And for 42 percent of respondents, the top IT priority over the next two years is meeting meaningful use. Last year's top priority, a focus on clinical systems, fell to 27 percent from 51 percent last year.

About a quarter of organizations surveyed have fully operational EMRs in at least one facility, and another 22 percent are fully operational across the whole organization, which is one reason why HIMSS does not support a delay in the federal EMR incentive program. "I think keeping the bar high is important," said Allana Cummings, CIO of Children's Hospital and Medical Center in Omaha, Neb.

For more data:
- Take a look at this HIMSS press release

Related Articles:
Survey: Hospitals will struggle to meet 'meaningful use'
Confidence in meaningful use may be high, but time is short

A cash-strapped, 18-bed community hospital in an isolated, rural part of Idaho with many employees who had never touched a computer is an unlikely candidate for health IT success. But thanks to a commitment from management and engagement of everyone from the C-suite, to the medical staff, to rank-and-file employees, Steele Memorial Medical Center (SMMC) in Salmon, Idaho, has been able to reduce patient transfers, provide more timely, effective treatment and offer more flexibility in physician scheduling with an IT implementation that covers every functional area of the hospital.

The secret, say SMMC executives, was a strategic plan and buy-in from every department and all levels of management, as well as a decision by CEO Victoria Alexander-Lane to decentralize IT because she had read of failures elsewhere because IT staff were too detached from other departments.

"None of this happens without the support of upper management and the board. And our hospital staff knew they were committed to making this happen," CFO Preston Becker tells Hospitals & Health Networks magazine.

After identifying super-users within the hospital, management appointed an IT liaison in each department--and paid them extra for spending at least two hours a week working directly with IT staff. "We want them to feel at home in IT and in their department, to be a bridge between the two departments," Becker says.

For more details on this success story:
- check out this Hospitals & Health Networks article

Related Articles:
Rural Texas hospitals to create RHIO with shared EHR
SPOTLIGHT: EMR stimulus and rural hospitals

The new rules on HIPAA breach notification, which became enforceable Feb. 17, and the related, tougher penalties for privacy and security violations, mean healthcare organizations and business associates alike need to be more vigilant about data security. A common source of data breaches, and an area where hospitals need to tighten up security, some experts say, is remote access to networks.

"There is spotty, inconsistent application [of remote-access controls], especially when using personally owned computers," John Parmigiani, a security consultant who wrote the proposed HIPAA security rule, tells AIS Health's Report on Patient Privacy.

"I have had clients compliant with regards to remote access, but they are in a minority," adds Sean Lee, a senior auditor for HIPAA consulting firm Apgar and Associates. "The biggest mistake I see people making is transmitting PHI unencrypted over an open network," such as the Internet.

Covenant Health, Knoxville, Tenn., is addressing security by being selective about who is granted remote access. Those who are approved are limited in the type of data they can view remotely and receive a fob that generates a one-time password each time they log on to the network. Remote users are prohibited from downloading or printing data sent over the network, except in limited circumstances.

For more strategies to safeguard data for remote access:
- read this Report on Patient Privacy story

Related Articles:
Survey: Business associates not prepared for new HIPAA breach notification rules
Connecting hospitals and physicians
A new focus on ID security

More than three-quarters of U.S. hospitals had PACS technology in at least one imaging modality as of 2008, up from 8.5 percent in 2000, according to a new report from the Dorenfest Institute for Health Information Technology, Research and Education. The Dorenfest Institute, which is managed by the HIMSS Foundation, also reports that the top 10 PACS vendors together control about 80 percent of the market, even though the number of vendors offering PACS nearly doubled between 2003 and 2008. White paper (.pdf)

Many of you who are heading out to HiMSS have already registered for our free networking party at World of Coca-Cola. Many others have registered to attend our mobile health breakfast panel discussion. Both are great ways to connect with other Fierce colleagues, talk shop or just meet like-minded professionals in the charged atmosphere of HiMSS.

We also have a third way for you to "meet up," as it were--Facebook. We've created a FierceHealthIT Facebook fan page (log in and seach for FierceHealthIT), where you can meet colleagues, keep up on pertinent news and get access to special offers from Fierce that we won't make available anywhere else.

So whether you're heading out to HIMSS10 in Atlanta next week or sticking close to home, you can stay informed and connected to your FierceHealth community, no matter what! - Wendy Johnson, publisher

Score one for America. Also, score one for jobs-starved Detroit. And leave it to health IT to be the catalyst for hiring.

When Blue Cross Blue Shield of Michigan looked to cut costs, it determined it could save $15 million a year by moving much of its contracted and outsourced IT work to India. But the Michigan economy is hurting and BCBS Michigan already had announced 1,000 layoffs. "My stomach couldn't handle that," company President and CEO Dan Loepp told the Detroit Free Press. "I said there's got to be a way to cut costs and still keep jobs in Michigan."

Gary Harvey, vice president of systems development, further explained to Healthcare IT News that, "[outsourcing IT work to India] was in conflict with our mission as a company. As the largest not-for-profit insurance company in the state, our mission is really to help grow the economy and jobs in the state of Michigan."

So Michigan Blues called in an IT consultant, who came up with the idea of setting up an IT development center in economically ravaged downtown Detroit. It is costing $7 million to launch the program, and annual savings will be about half of what India could offer, but the Blues could entice other companies to join in supporting the center. Plus, the company would save on training expenses by staying close to home. "Here in Michigan, we've had so many layoffs in the last three years," the consultant, Cindy Pasky says. "We have an incredible base of IT talent."

To learn more:
- read this Healthcare IT News story

Related Articles:
HHS to award $80 million for HIT workforce training
Stimulus creates huge demand for HIT professionals
Blumenthal: Conversion to EMR will create 50,000 new HIM jobs

Hospitals everywhere are striving to make the patient experience a little less daunting by adding comforts of home. Like any other patients, hospitalized children and teens have questions--lots of them--and, of course, want to stay connected with their friends and the outside world.

The Nemours/Alfred I. duPont Hospital for Children in Wilmington, Del., is addressing their needs by replacing the old TVs in outpatient units and the emergency department with bedside touch-screen units that feature video games, Internet access and educational medical programming geared toward younger patients and their families, as well as standard television. Called GetWell Town, the system is a pediatric version of GetWellNetwork's interactive devices in adult hospital wards.

GetWell Town is tied in to the hospital's Epic EMR, hospital information system and patient portal for convenient access to patient information. The system also incorporates paging and allows users to request changes to room temperature and other maintenance services.

For more information:
- take a look at this InformationWeek story

Related Articles:
Two hospitals preparing to go 'all-digital'
Getting patients involved
GetWellNetwork, Top Health IT innovator 2007

In researching his book, The Healing of America, in which he promotes universal healthcare, Washington Post reporter T.R. Reid visited France to see how that nation's health system worked. Reid came away most impressed with a smart card issued to each resident, containing patient insurance information, reimbursement history, medication lists and, yes, medical records. "For me, the carte vitale...became a symbol of what the French have achieved in designing a health-care system to treat the nation's 61 million residents," Reid writes.

In excerpts published in Newsweek, Reid thankfully tamps down the hype surrounding unproven technologies--though, like so many mainstream reporters somehow equates the Google Health and Microsoft HealthVault platforms with electronic health records. (How many times do I have to tell you, they are not EHRs. They are platforms for building personal health records, and early-stage products at that!) Smart cards like France's carte vitale provide security and portability while also holding down non-medical costs.

The politics of implementing a national ID program in America notwithstanding, smart cards really do shine in the area of administrative efficiency, Reid finds.

"The French, for example, have used the carte vitale since 1998 and have 67 percent fewer administrative personnel per building than a comparable American establishment. Taiwan, which implemented a national health-care system in 1995, spent $108 million to implement a smart-card system in the early 2000s. Their administrative costs are less than 2 percent of total health-care expenditures and possibly the lowest in the world," he writes.

For more:
- read this Newsweek excerpt from Reid's book

Related Articles:
Germany halts smart-card program for security review
'Smart' medical debit cards on the rise
NY-area hospitals testing smart cards

Chief medical information officers and other medical informatics directors tend to love their jobs and want to stick around for a while, even though this is a relatively new position for many organizations, according to a survey of this discipline by CMIO magazine.

Two-thirds of the 118 CMIOs who took the online survey said they were "very satisfied" or "somewhat satisfied" with their compensation and 86 percent indicated they had no immediate plans to leave their jobs. The majority of CMIOs earn between $180,000 and $300,000 annually in base salary, though a third of survey respondents make less than $180,000 a year. Nearly half did not receive a bonus in 2009, reflecting the moribund economy, though 56 percent say they expect to get one this year.

Their top IT priorities for 2010 include reducing medical errors, delivering clinical knowledge to practicing physicians and implementing EMRs, while on the business side, CMIOs are planning on concentrating on EMRs, CPOE and clinical decision support this year.

Other notable findings:

* 93 percent of CMIOs are men

* 68 percent currently practice medicine

* 36 percent report to the CIO, 31 percent to the CMO and 13 percent directly to the CEO

For more data and analysis:
- check out this CMIO feature

Related Articles:
Raking in the CMIO bucks
SPOTLIGHT: The emergence of the CMIO

Hospital Impact's Anthony Cirillo thinks he knows of just the man to lead the healthcare reform effort: Apple CEO Steve Jobs, known for creating products that "cut through complexity," according to a recent interview. "He reaches for what people only dream about or, even better, haven't even considered dreaming about. After all, who even thought of loading thousands of songs and album cover art onto something smaller than the size of a TV remote? Who ever imagined that patients could go to their doctor's office and simply walk to the next room to visit a specialist?" Cirillo says. Hospital Impact

Government actuaries are counting on health IT producing some significant savings and quality gains from the federal investment of more than $25 billion for electronic medical records. "My concern is that they are going to be disappointed in the results," says H. Stephen Lieber, CEO of the Healthcare Information and Management Systems Society.

"Unless healthcare reform changes the financial incentives that pay for quality, [or] doesn't continue to pay for substandard quality or ineffective care, it doesn't make any difference how many IT tools you have in place. You're not going to realize those efficiencies and that improvement in quality," Lieber says in an exclusive interview with FierceHealthIT ahead of the annual HIMSS conference that opens in Atlanta one week from today.

"Those are not really HIMSS issues. The clinical societies need to take the lead in terms of driving practice to a different place in quality," Lieber continues. "The insurance companies need to engage in that and quit worrying about protecting their bottom line in helping to drive the system to improve quality by taking away those financial incentives to repeat tests, to perform procedures and interventions that don't have documented outcomes or outcomes that are no better than other approaches."

Other than that, Lieber says HIMSS will continue to remain neutral on the debate over health insurance reform, since health IT got its subsidy program via the American Recovery and Reinvestment Act a year ago. "I'm not sure that it's our fight, our debate because the legislation and now the regulations that ensure that the [health IT] tools are there have been completed," Lieber says. "Now, we've got to get the job done in actually getting it installed and starting to meet the requirements for how it's used."

Related Articles:
McKesson CIO: Health reform impossible without better information
Quality-based reimbursement deal gives hope for real reform